Can pfSense do all of this for me? (drawing attached)



  • I'm hoping that somehow pfsense can do all this for me.  Unique SSID/Layer 3 networks.  2.4 and 5 GHz wireless simultaneously.  Unique controls on each network/SSID.  Inline/transparent web content filtering (no client proxy configuration).  QoS, etc.

    Please view the diagram I've attached.  I think I've put good details in that.

    I'm capable of easily breaking things in linux, not quite so in troubleshooting/fixing things in linux.  I respect linux and its open applications.  I doubt I'm capable of doing all of this from scratch with a distro like ubuntu/centos/freebsd.  With good guidance, I suppose I could do some CLI stuff if necessary.

    I've bought a few wireless NICs; the one I still have is a tp-link TL-WDN4800.  It worked without any driver installation/configuration in Linux 12.0.4 desktop.  None of these free linux based firewall/UTM products have recognized it.  I believe it is an Atheros 9K chipset, which I've sort of thought was a commonly supported product.

    Thanks for giving this a look.
    ![Wireless Network Desirable.jpg](/public/imported_attachments/1/Wireless Network Desirable.jpg)



  • I don't see why not; you could just make a firewall rule for each PC and link it to the kids' MAC.

    Then, using the scheduler, lock them down, or perhaps have it redirect to a simple site that says "brush your teeth, go to bed" :)

    Or, if you don't want them to know, you can make a mock-up 404 page.



  • @bobn:

    > I'm hoping that somehow pfsense can do all this for me.  Unique SSID/Layer 3 networks.  2.4 and 5 GHz wireless simultaneously.  Unique controls on each network/SSID.  Inline/transparent web content filtering (no client proxy configuration).  QoS, etc.
    >
    > Please view the diagram I've attached.  I think I've put good details in that.
    >
    > I'm capable of easily breaking things in linux, not quite so in troubleshooting/fixing things in linux.  I respect linux and its open applications.  I doubt I'm capable of doing all of this from scratch with a distro like ubuntu/centos/freebsd.  With good guidance, I suppose I could do some CLI stuff if necessary.
    >
    > I've bought a few wireless NICs; the one I still have is a tp-link TL-WDN4800.  It worked without any driver installation/configuration in Linux 12.0.4 desktop.  None of these free linux based firewall/UTM products have recognized it.  I believe it is an Atheros 9K chipset, which I've sort of thought was a commonly supported product.
    >
    > Thanks for giving this a look.

    Personally, I think if you are trying to do all of this in one device you're gonna have a lot of challenges… I also wouldn't mess around with putting wireless cards in your pfsense firewall/router. Others may chime in and disagree, but I think you'd get much better performance (in many ways) out of setting up wireless access points and just connecting them to the pfsense router.

    Do you want the devices to all be in the same subnet regardless of the access point they are connecting to? If so, I'd use a wired card in the pfsense box, connect a switch, and either hook up multiple access points or a wireless access point that will let you create multiple SSIDs. You can assign devices within ranges of IP addresses and create firewall rules to get the time restrictions you desire.

    On the other hand, if you need separate subnets you could add multiple wired cards and connect an access point to each card. Firewall rules can still be used to accomplish the time restrictions.



  • Thanks both of you.

    rjcrowder, Yea, I've noticed there is a wide difference among posters' opinions about the matter of pfsense hosting wireless services.

    starshooter10, are these steps in the GUI, or a command line option; like, is the scheduler GUI or CLI?  Oops, I've finally found the scheduler tie-in with the firewall rules...  nm

    Does the GUI firewall builder offer up enough that I don't need to learn the CLI?  If not, has anyone run across a great primer for that CLI?

    I come from a cisco IOS and ASA background.  I dislike cisco's automagic network access they try to institute in enterprise class products, with their security zones freely allowing traffic from higher to lower security zones; I always start a new DMZ VLAN with an implicit deny ip any any inbound and outbound.  So I'm not unfamiliar with the SIP, DIP, DP, and masking concepts.  I just haven't actually had to work with a linux type of firewall CLI, so I'm starting out at ground zero with it.

    Is the web/http content filtering in this an inline filter, or explicit proxy filter?

    Thanks



  • @rjcrowder:

    > I also wouldn't mess around with putting wireless cards in your pfsense firewall/router. Others may chime in and disagree, but I think you'd get much better performance (in many ways) out of setting up wireless access points and just connecting them to the pfsense router.

    I generally agree with this statement, but my limited troubleshooting experience with "low end" external APs has made me glad I have wireless cards in my pfSense on my home network. The "low end" APs I have had to work with had minimal reporting and tracing facilities meaning troubleshooting has been much more "guess, tweak and hope" than "look at what is happening and adjust accordingly".



  • @bobn:

    > Thanks both of you.
    >
    > rjcrowder, Yea, I've noticed there is a wide difference among posters' opinions about the matter of pfsense hosting wireless services.
    >
    > starshooter10, are these steps in the GUI, or a command line option; like, is the scheduler GUI or CLI?  Oops, I've finally found the scheduler tie-in with the firewall rules...  nm
    >
    > Does the GUI firewall builder offer up enough that I don't need to learn the CLI?  If not, has anyone run across a great primer for that CLI?
    >
    > I come from a cisco IOS and ASA background.  I dislike cisco's automagic network access they try to institute in enterprise class products, with their security zones freely allowing traffic from higher to lower security zones; I always start a new DMZ VLAN with an implicit deny ip any any inbound and outbound.  So I'm not unfamiliar with the SIP, DIP, DP, and masking concepts.  I just haven't actually had to work with a linux type of firewall CLI, so I'm starting out at ground zero with it.
    >
    > Is the web/http content filtering in this an inline filter, or explicit proxy filter?
    >
    > Thanks

    Probably shouldn't admit it, but I don't have much of a networking background… so I don't know much about Cisco devices.

    The pfsense GUI firewall rule creator is pretty nice and lets you do about anything you would want to do at layer 3. However, because it is using PF under the covers, it will not let you do anything with layer 2. In order to mess with layer 2, you need to use the ipfw firewall, which is installed as part of the captive portal. Unfortunately, there is no pfsense GUI that allows you to create ipfw firewall rules, so if you need layer 2 rules you are at the command line...

    From what I've seen, this is the major difference from the Linux-based firewalls that I've played with (ipcop, for example), which use iptables and let you create layer 2/3 rules.
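    To make the layer-3 point concrete, here is a hand-written pf.conf that expresses the policy discussed in this thread (one subnet per SSID, deny-by-default in both directions, a per-device bedtime rule toggled on a schedule). This is an added illustration, not output from pfSense's GUI or any poster's configuration; interface names, subnets, addresses and the anchor file path are assumptions.

    ```pf
    # Constructed pf.conf for a gateway with one interface per SSID/subnet.
    # pfSense writes its own ruleset from the GUI; this only shows what PF
    # itself can express (IP-level matching) and what it cannot (MAC matching).
    lan_if    = "igb0"              # wired LAN
    kids_if   = "igb1"              # AP for the "kids" SSID
    guest_if  = "igb2"              # AP for the "guest" SSID
    lan_net   = "192.168.10.0/24"
    kids_net  = "192.168.20.0/24"
    guest_net = "192.168.30.0/24"

    # PF rules match IP addresses, never MAC addresses. "Linking a rule to the
    # kids' MAC" therefore means: give each device a static DHCP mapping so its
    # IP is fixed, then list that IP here. Addresses below are made up.
    table <kids_devices> persist { 192.168.20.50, 192.168.20.51 }

    set skip on lo0

    # Translation rules precede filter rules. The bedtime redirect lives in an
    # anchor so a scheduler can load and flush it without touching this file.
    rdr-anchor "kids_bedtime"

    # ASA-style starting point: deny everything in and out, then open up.
    block log all

    # Scheduled rules are evaluated here before the normal permits below.
    anchor "kids_bedtime"

    # Each SSID/subnet may reach the Internet but not the other segments.
    block in quick on $kids_if  from $kids_net  to { $lan_net, $guest_net }
    block in quick on $guest_if from $guest_net to { $lan_net, $kids_net }
    pass  in quick on $kids_if  from $kids_net  to any keep state
    pass  in quick on $guest_if from $guest_net to any keep state
    pass  in quick on $lan_if   from $lan_net   to any keep state

    # Anchor contents (assumed file /etc/pf.kids_bedtime.conf), loaded by cron
    # at lights-out with:   pfctl -a kids_bedtime -f /etc/pf.kids_bedtime.conf
    # and flushed in the morning with:   pfctl -a kids_bedtime -F all
    # pfSense's GUI scheduler performs the equivalent toggling for you.
    #
    #   kids = "{ 192.168.20.50, 192.168.20.51 }"
    #   # Send web requests to a local "brush your teeth" page, pass that flow
    #   rdr pass on igb1 inet proto tcp from $kids to any port 80 -> 192.168.10.10 port 80
    #   # Everything else from those devices is dropped while the anchor is loaded
    #   block in quick on igb1 from $kids to any
    ```

    Because the anchor is empty when flushed, the ruleset falls through to the normal permits outside the scheduled window; inside it, the `quick` block in the anchor stops evaluation before they are reached.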

